SKY Brazil inadvertently exposed the data of 32 million customers publicly online. The leaky database was discovered by a security researcher, who also found several ElasticSearch servers in Brazil that were publicly available and without any password protection.
The exposed server was discovered by Brazilian security researcher Fabio Castro, who believes that the data was left exposed online long enough for hackers to have likely stolen information. The exposed data included customers’ full names, email addresses, service login passwords, client IP addresses, payment methods, phone numbers, and street addresses, Bleeping Computer reported.
One of the databases discovered by Castro was over 429GB in size, and the files contained critically personal details of SKY customers.
"The data the server stored was Full name, e-mail, password, pay-TV package data (Sky Brazil), client ip addresses, personal addresses, payment methods," Castro told BleepingComputer. "Among other information the model of the device, serial numbers of the device that is in the customer's home, and also the log files of the whole platform."
Castro said that he informed SKY Brazil about the leak, after which the firm addressed the issue by restricting access to it with a password. However, Castro told Bleeping Computer that the database, which also contained that personal information of high-profile politicians, may have already been accessed by hackers.
Data leaks caused by Cloud misconfiguration have recently become increasingly common and are now considered to be a major threat. Although such breaches are generally caused by simple human errors, their impact can be far-reaching and highly destructive.
Publisher